This article describes how, starting from v7.6.x, a Local-In policy can be created via the GUI.
Scope
FortiGate v7.6.x.
Solution
In previous firmware versions, this option was only available via the CLI; see reference: Local-in policy
Step 1: Enable the Local-In policy by going to System > Feature Visibility, search for Local-In Policy, and enable it.
Step 2: Once enabled, go to Policy & Objects > Local-In Policy and select ‘Create new’.
Step 3: The options remain the same as in the CLI; it is only necessary to select the details in the GUI.
config firewall {local-in-policy | local-in-policy6}
    edit <policy number>
        set intf <interface>
        set srcaddr <source address>
        set dstaddr <destination address>
        set action {accept | deny}
        set service <service name>
        set schedule <schedule name>
        set virtual-patch {enable | disable}
        set comments <string>
    next
end
On the GUI
Step 1: Select the relevant interface, which is usually the outbound (internet-facing) interface, and then create the addresses that are to be allowed or blocked.
Step 2: Once done, select parameters such as destination, service, and action as per the requirement.
Step 3: Select ‘OK’ to apply the policy. Once done, the new policy is visible under Custom as shown below:
Step 4: For IPv6, enable IPv6 in addition to the Local-In Policy under System > Feature Visibility:
Step 5: Once enabled, select IPv6 under Local-In Policy:
Step 6: Similar steps can be repeated to create the IPv6 Local-In policy, and the IPv6 policy is visible under ‘Custom’ as well:
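For comparison with the GUI steps above, the following is an added example (not part of the original article) of the same kind of policy entered through the CLI: an address object for the allowed source, an accept entry for it, and a deny entry for every other source listed after it. The interface name wan1, the address name trusted-admin-net, the range 203.0.113.0/24, the policy IDs and the choice of the HTTPS and SSH services are all assumptions made for illustration.

```fortios
config firewall address
    edit "trusted-admin-net"
        set subnet 203.0.113.0 255.255.255.0
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "trusted-admin-net"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
        set comments "Constructed example: allow admin access from trusted range"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
        set comments "Constructed example: deny admin access from all other sources"
    next
end
```

Running `show firewall local-in-policy` afterwards prints the stored entries, which should match what appears under Custom in the GUI.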